Major improvements to the Azure DevOps integration will be introduced in July 2021. The underlying scanning mechanism will be modified to allow a direct WhiteSource scan from within the Azure DevOps pipeline. As part of this change, the following updates will be introduced:
The WhiteSource Bolt extension enables you to do the following:
Your Azure DevOps organization is connected to an Azure Active Directory via Organization Settings > Azure Active Directory.
You do not have any existing WhiteSource extensions installed. If so, these must be uninstalled.
An activation key is required for adding this extension to more than one Azure DevOps organization. You can obtain this activation key from the Integrate page within your WhiteSource Essentials trial. This also means that once the Essentials trial is over, you will no longer be able to install Bolt on additional Azure DevOps organizations.
If you are using a self-hosted build agent, note that running it behind a web proxy is not currently supported.
The WhiteSource Bolt report is available on a pipeline build level and it comprises 3 tabs: Inventory, Security Vulnerabilities, and License Risks. You can view the WhiteSource report at a build or project level (aggregated report of all your builds). NOTE: There is a current known issue where a fourth tab, Outdated Libraries,is displayed. This issue will be fixed on February 28, 2021.
Viewing the Report
To view the report, do as follows: